
Virus Warning



I am running Windows 7 Pro on an older desktop and during the last few days have been getting a "Virus detected and quarantined" message on virtually every application that I use. I have been using some of these sites for 10 plus years and never had this issue previously. It persists even when I switch from Firefox to Chrome. I just ran a full scan of the entire computer and get reports of no virus found and have verified that the latest update is installed (as of 2/2/19). When I go to manually initialize Immunet, I see a note that the computer has never been scanned and is not secure even when I have just run a full scan.

A typical warning is that f_0001f3 has been detected as Clam.Txt.Trojan.Generic-6840302-0.  Quarantine was successful.  I even got a message that Firefox Installer was a Trojan.

This is very annoying and I would like some suggestions to resolve this issue.

Nelson

 

Edited by Nelson Thompson
Add info
  • Like 2

I am also having this problem. Every time I open a new tab or website in Google Chrome I get a notification that Immunet has quarantined a file called f_(any combo of numbers and letters like f_00003b / f_047ae5 / f_0aa457) and Clam.Txt.Trojan.Generic-6840302-0. I did a full scan and it said it quarantined 5 files, and then I did a second full scan right after and there were 0 malicious files. I have cleared my Chrome cache and reset browser settings, and restarted my computer several times. I am on Windows 10 Pro (version 10.0.17134) and Chrome version 71, with the Immunet update from 2/2/19 (which is today), and I get a file quarantined / threat detected every few minutes. I can't even find the files that it is referencing; the path is C:\Users\grace\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00003b. I can't even reach this file in my system, and I thought clearing my Google cache would help but it has not, and all of the 30 files it has "quarantined" in the last day have had the same path with a change at the end. I don't know what to do.

EDIT: I have found the files that they deem to be a threat and determined them not to be harmful; they are only my cache preloads, and I have decided to whitelist / have Immunet not search my Chrome cache folder for threats, just because I don't want the program to continuously quarantine my preloads. If what I have just done is very harmful or a very bad idea, please let me know!

Edited by GGG
White-listing my cache

I'm receiving the same message when loading Gmail in Firefox, flagging a cache file as "Txt.Trojan.Generic-6840302-0". I also have a number of anti-spam, anti-tracking and security plugins installed. It's possible one of them is doing something Immunet doesn't like.

ABP, Ghostery, uBlock Origin, HTTPS Everywhere, Canvas Defender, Privacy Badger, Firefox Multi-Account Containers and LastPass.

I uploaded the cache sample to VirusTotal. The ClamAV engine was the only one to flag this as a trojan. The content is a compressed GZ stream with the following code:

this.A2A=this.A2A||{};(function(_){var window=this;
try{
var aa,ba,ca,da,ea,fa,ha,ia,ja,ka,la,ma,na,ua,va,wa,xa,ya,za,Ba,Da,Ea,Ia,p,Ja,Ka,Na,Oa,Pa,Qa,Ra,Sa,Ta,Va,Wa,eb,fb,gb,hb,ib,jb,kb,mb,lb,nb,ob,pb,q,t,v,qb,rb,sb,tb,ub,vb,wb,yb,zb,Cb,Ab,Bb,Db,Eb,Fb,x,z;aa=function(a){for(var b=a.length;0<=--b;)a=0};ba=function(a,b,c,d,e){this.te=a;this.Jf=b;this.If=c;this.Ff=d;this.lg=e;this.Nd=a&&a.length};ca=function(a,b){this.zd=a;this.xb=0;this.Wa=b};da=function(a,b){a.T[a.B++]=b&255;a.T[a.B++]=b>>>8&2

Source: https://www.virustotal.com/en/file/6570a85c33d467f10e52bddc31575c4329ca1a6ae9641c4321690a8ae65e41c5/analysis/1549184011/

I've submitted it to ClamAV as a false positive.

  • Thanks 1
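
An added example (not part of the original post, and not Immunet or ClamAV code): the manual check described in the post above, done locally in Python. It hashes a flagged cache file for lookup, detects the gzip wrapper and previews the decompressed content; `triage_cache_entry` is a hypothetical helper name, and the sample bytes are constructed from the opening of the snippet quoted above.

```python
import gzip
import hashlib
import zlib

GZIP_MAGIC = b"\x1f\x8b"

# Constructed sample: the opening of the quoted snippet plus a made-up tail,
# gzip-compressed the way a cached response body would be.
SAMPLE_JS = (b"this.A2A=this.A2A||{};(function(_){var window=this;\n"
             b"try{var aa=function(a){return a};}catch(e){}\n})(this.A2A);\n")
SAMPLE_CACHE_FILE = gzip.compress(SAMPLE_JS, mtime=0)


def triage_cache_entry(data: bytes, preview_len: int = 80) -> dict:
    """Summarise a browser cache file that an AV engine flagged."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),  # for a multi-engine lookup
        "size": len(data),
        "gzip": data.startswith(GZIP_MAGIC),
        "complete": None,  # only meaningful for gzip input
    }
    body = data
    if report["gzip"]:
        # wbits=31 selects the gzip container. decompressobj tolerates a
        # truncated stream, which happens with partially written cache files.
        d = zlib.decompressobj(wbits=31)
        try:
            body = d.decompress(data, 1 << 20)  # cap output at 1 MiB
            report["complete"] = d.eof  # True only if the trailer was reached
        except zlib.error:
            body, report["complete"] = b"", False
    report["preview"] = body[:preview_len].decode("utf-8", errors="replace")
    # Crude hint that the payload is JavaScript source rather than a binary.
    report["looks_like_script"] = any(
        tok in body[:4096] for tok in (b"function", b"var ", b"=>"))
    return report


if __name__ == "__main__":
    for key, value in triage_cache_entry(SAMPLE_CACHE_FILE).items():
        print(f"{key}: {value!r}")
```

To check a real file, read it in binary mode and pass the bytes to `triage_cache_entry`; the SHA-256 can be searched on a scanning service without uploading the file.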

2 hours ago, Nelson Thompson said:

That appears to be a somewhat drastic solution to the issue but I may consider doing the same thing if I cannot resolve this present issue.

Nelson

 

5 hours ago, stealth47 said:

I have gotten rid of the annoying popup by removing Immunet from my computer for the time being.

 

If all of the false positives come from the same folder (mine is the Chrome cache) you can whitelist/exclude that folder from Immunet's virus search as I have done. You just go into the settings and add an exclusion and then copy+paste or browse to your folder cache.

So open Immunet > settings > add new exclusion > file/folder type > whatever path to your folder you want to whitelist. I did C:\Users\(user name)\AppData\Local\Google\Chrome\User Data\Default\Cache\ and this has resolved my issue.


My warnings are in the Firefox profile. They resulted from the simultaneous opening of eight (8) URLs with an additional two URLs already opened.

I disconnected my Win 7 Home SP-1 64 bit PC from network. I manually deleted all items in quarantine and noted several that were detected but Immunet was not able to quarantine. I ran a quick scan and two items were removed.

Additionally Immunet shut down!! Without me closing it.

I reinstalled using an up to date copy I have resulting in 6.2.4.10819, reconnected the network, and then an update check says everything up to date including definitions installed one hour before problem started.

I repeated the simultaneous opening of eight (8) URLs with an additional two URLs already opened, with the result the same except Immunet did not shut down.

So leaving the Immunet results alone I opened each URL one at a time and Immunet duplicated its quarantines and quarantine failures.

Perhaps the definition file has an inappropriate addition for its newest info? This could be tested if Immunet could supply an older definition file for testing.

If this keeps up Immunet will not be of practical use.

Edited by ebloch

Confirmed, this is definitely a Clam false positive. Thanks to everyone who reported this. We've reproduced it internally and are working on a fix. In the meantime, if you turn off the ClamAV engine in Immunet's settings, that'll prevent the constant FP notifications and still keep your computer protected with the Immunet cloud engine. We'll notify the thread to turn Clam back on as soon as the FP is fixed.

 

 

  • Like 2

The FP'ing sig was fixed late yesterday and it's safe to turn the Clam engine back on, but please ensure you start a manual Clam definitions update too, by clicking the Update Now button in the Immunet GUI. That will ensure the sig is updated ASAP.

 


  • 1 year later...

It is now well over a year since the problem was "fixed." I am running Windows 10, all the current updates, fully updated Immunet, and am STILL GETTING Clam detections on Chrome.

I am disabling the Clam engine as suggested last year, but would like some indication as to why this "fixed" issue is plaguing me. I visit the same pages in Firefox without incident.

Thanks

Emeric 


Hello Emeric,

I'm sure this is a new False Positive response by ClamAV & 'not the same issue', Emeric.

I would normally suggest that you submit these files for analysis at our False Positive URL but that seems to be non-functional for now. Since they are Clam detections you could submit your findings directly to the ClamAV support team at this URL: https://www.clamav.net/reports/fp

Have you tried to restore these files from Quarantine?

If you run into problems restoring the files you do also have the option to just create a custom Exclusion rule for Chrome's 'entire Program Files folder directory' so it will no longer be scanned.

I know that's a less than ideal possible fix but there hasn't been any technical support on this forum for some time now. Although I'm not an official support person that might be your best viable solution that I can think of. If that works you should be able to continue to use the ClamAV module.

Best wishes, Ritchie...

